Summarized by Aili

Novel attack against virtually all VPN apps neuters their entire purpose

🌈 Abstract

The article discusses a new attack called "TunnelVision" that can force virtual private network (VPN) applications to send and receive some or all traffic outside of the encrypted tunnel, negating the purpose of using a VPN.

🙋 Q&A

[01] Overview of the TunnelVision Attack

1. What is the TunnelVision attack?

  • The TunnelVision attack forces VPN applications to send and receive some or all traffic outside of the encrypted tunnel, allowing the attacker to read, drop, or modify the leaked traffic.

2. How does the TunnelVision attack work?

  • The attack manipulates the DHCP server that allocates IP addresses to devices on the local network, using DHCP option 121 to override the default routing rules and divert VPN traffic through the DHCP server.
  • This causes the VPN traffic to be transmitted outside the encrypted tunnel, allowing the attacker to intercept and manipulate the traffic.
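The routes the attack relies on travel in DHCP option 121, whose encoding is defined in RFC 3442. As an added, defender-side example that is not from the article or from the researchers' tooling, this Python snippet decodes an option 121 body taken from a DHCP lease and flags routes that would pull public-internet traffic off a full-tunnel VPN, which is what a host-based check or a DHCP-monitoring sensor would look for. The function names and the sample payload are constructed here.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges: pushing routes into these is the ordinary use of option 121.
RFC1918 = [ipaddress.IPv4Network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class StaticRoute:
    destination: ipaddress.IPv4Network
    router: ipaddress.IPv4Address


def parse_option_121(data: bytes) -> list[StaticRoute]:
    """Decode a DHCP option 121 body (RFC 3442): per route, 1 byte prefix length,
    ceil(prefix/8) significant destination octets, then a 4-byte router."""
    routes, i = [], 0
    while i < len(data):
        prefix_len = data[i]
        i += 1
        if prefix_len > 32:
            raise ValueError(f"invalid prefix length {prefix_len}")
        n = (prefix_len + 7) // 8
        if i + n + 4 > len(data):
            raise ValueError("truncated route entry")
        dest = data[i:i + n] + bytes(4 - n)  # zero-pad the octets RFC 3442 omits
        router = ipaddress.IPv4Address(data[i + n:i + n + 4])
        i += n + 4
        routes.append(StaticRoute(ipaddress.IPv4Network((dest, prefix_len), strict=False), router))
    return routes


def routes_bypassing_vpn(routes: list[StaticRoute]) -> list[StaticRoute]:
    """Routes that would pull public-internet traffic off a full-tunnel VPN.

    A full-tunnel VPN usually installs 0.0.0.0/1 and 128.0.0.0/1 via the tunnel;
    any DHCP route with a longer prefix wins for the addresses it covers and
    points at the LAN router, so that traffic leaves the host unencrypted.
    Routes into RFC 1918 space are treated as expected; tighten to your network.
    """
    return [r for r in routes
            if r.destination.prefixlen > 1
            and not any(r.destination.subnet_of(p) for p in RFC1918)]


# Constructed sample option-121 body (not captured from a real network):
#   10.20.0.0/16 via 192.168.1.1             -> ordinary internal route
#   0.0.0.0/2 and 64.0.0.0/2 via 192.168.1.1 -> each covers a quarter of IPv4 space
SAMPLE_OPTION_121 = bytes([16, 10, 20, 192, 168, 1, 1,
                           2, 0, 192, 168, 1, 1,
                           2, 64, 192, 168, 1, 1])
```

Running `routes_bypassing_vpn(parse_option_121(SAMPLE_OPTION_121))` returns the two /2 routes, which is the signal a host should act on (for example by refusing the lease or tearing down the VPN) rather than trusting the VPN client's "connected" status.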

3. What are the effects of the TunnelVision attack?

  • The victim's traffic is "decloaked" and routed through the attacker, who can read, drop, or modify the leaked traffic.
  • The VPN application will still report that all data is being sent through the protected connection, even though some or all of the traffic is being diverted outside the encrypted tunnel.

[02] Impact and Mitigation of the TunnelVision Attack

1. What operating systems are affected by the TunnelVision attack?

  • The attack affects VPN applications on all operating systems except Android, which does not implement DHCP option 121.
  • On Linux, there is a setting that can minimize the effects, but the attack can still be used to de-anonymize destination traffic and perform targeted denial-of-service attacks.

2. What are the most effective ways to mitigate the TunnelVision attack?

  • Running the VPN inside a virtual machine with the network adapter not in bridged mode.
  • Connecting the VPN to the internet through the Wi-Fi network of a cellular device.

3. Why are these mitigation strategies problematic?

  • A VPN user connecting to an untrusted network has no ability to control the network firewall, which is one potential mitigation strategy.
  • The Linux mitigation still leaves a side channel that can be exploited by the TunnelVision attack.
Shared by Daniel Chen ·
© 2024 NewMotor Inc.